SQL-2805: add ssdlc utils to shared test infra

[jchemburkar]

this is the second pr, just updating these scripts based on feedback on the twin odbc driver pr here

Linked HERE is a patch with succeeding generation of files. The filenames appear to be the same and the links in the compliance report are correct.

[nbagnard]

I think this file is not being regenerated for the patch in the link: https://translators-connectors-releases.s3.amazonaws.com/mongosql-odbc-driver/mongosql-odbc-snapshot-compliance-report.md

I think that's because the task picks up the existing and outdated snapshot compliance report.
On the ODBC side, the path of the report to copy to the release bucket is mongosql-odbc-driver/artifacts/${version_id}/ssdlc/${COMPLIANCE_REPORT_NAME}, in shared test infra it is ${working_dir}/artifacts/${working_dir}_${version_id}/ssdlc/${COMPLIANCE_REPORT_NAME}.

Could we add the publishing tasks in share test infra too? That would avoid this kind of issues on all the projects and make it even easier to use anywhere :)

[nbagnard]

Let's add publishing tasks for the compliance report and SBOM too, similar to what is done for the static analysis report, especially since the report is expecting the sbom and sarif to be in specific location.

[nbagnard]

Could we have a generic compliance report template to use for every project?
You can parametrize it fully I think by adding a variable for Project name in the signature validation steps

[jchemburkar]

The templates are slightly different -- do you want us to put the odbc signature information for ODBC into the README? that would then make it hte same as the JDBC one

https://github.com/mongodb/mongo-odbc-driver/blob/main/resources/ssdlc/mongo-odbc-driver_compliance_report_template.md
https://github.com/mongodb/mongo-jdbc-driver/blob/master/resources/release/mongo_jdbc_compliance_report_template.md

[nbagnard]

It looks like both our README have the a section for signature validation, so that might be a good idea. You could then templatize it with just the README link. I would use the link to the bookmark section though, not sure why our JDBC link just point to the README.
Another way would be to have a file path, which would contain the steps, for each driver and then we would templatize the path to this file, copy the content in the report ( I think it is better to copy the content because if the key change for example, the steps will still be correct for outdated releases).
This would make things easier to keep up-to-date, but require a bit more work on the share test infra and drivers. But I think we have the time for that right now, so I would go with that. I also mean that if things change, we can point the docs team directly to the file with the steps as well.

[jchemburkar]

https://spruce.mongodb.com/version/68cca0136ae6dd0007859164/tasks?sorts=STATUS%3AASC%3BBASE_STATUS%3ADESC

^ Updated evergreen patch. The filepaths in the compliance report should be correct now (I checked them and they look right to me)